Log Analysis and Evaluation: Removing the DuckDuckGo Search Engine under Firefox (OS: Windows 7 (32-bit))

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Removing the DuckDuckGo Search Engine under Firefox (OS: Windows 7 (32-bit))

Hello, and first of all a healthy New Year 2014.

My problem: a few months ago I used DuckDuckGo as my search engine and also installed a search tool that uses DDG as its preferred search engine. Because I was unhappy with the search engine, I now wanted to remove it. Unfortunately, that is not so easy. Can anyone help me remove it?

Here are the requested scan logs:

1. Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:46 on 01/01/2014 (De La Rose)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

2. FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by De La Rose (administrator) on SUCHTKASTEN on 01-01-2014 12:52:15
Running from C:\Users\De La Rose\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCSvc.exe
(IOBit) C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1681408 2009-09-21] (VIA)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1316248 2010-12-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [Philips Device Listener] - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2011-03-03] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1024000 2010-06-30] (D-Link Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [2975640 2010-11-05] ()
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [3591960 2013-05-24] (Piriform Ltd)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\De La Rose\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCTray.exe [299392 2012-07-26] (IObit)
MountPoints2: {165729f7-38ff-11df-9392-00252204b807} - G:\autorun.exe
MountPoints2: {907382f9-3088-11e1-8920-00252204b807} - F:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8205ADD600CDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
SearchScopes: HKCU - DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
SearchScopes: HKCU - {6579BD32-B656-4E80-BAF7-6DCB4B33D008} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=380920&p={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FE8C4194-3102-4A3C-8FA3-F6EFA6D879F1}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130
FF Homepage: about:home
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 - B:\Downloader\Metaboli\npdd.dll (Metaboli)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\De La Rose\AppData\Roaming\Mozilla\Firefox\Profiles\k2zwqodg.default-1379424446130\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Downloader Detector) - B:\Downloader\Metaboli\npdd.dll (Metaboli)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Facebook Plugin) - C:\Users\De La Rose\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\De La Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\DELARO~1\AppData\Local\Temp\tbch.crx

========================== Services (Whitelisted) =================

R2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascsvc.exe [514432 2012-07-26] (IObit)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ASCAntivirusSrv; C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ascavsvc.exe [906112 2012-08-23] (IOBit)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-04-09] ()
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R2 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2012-03-15] (BitDefender)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-04-09] ()
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-23] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [340624 2011-11-21] (BitDefender S.R.L.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
S2 adfs; No ImagePath
S3 cpuz135; \??\C:\Users\DELARO~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-01 12:52 - 2014-01-01 12:55 - 00013417 _____ C:\Users\De La Rose\Desktop\FRST.txt
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:50 - 2014-01-01 12:51 - 00003202 _____ C:\Windows\WindowsUpdate.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000642 _____ C:\Users\De La Rose\Desktop\defogger_disable.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:16 - 2014-01-01 12:16 - 01064333 _____ (Farbar) C:\Users\De La Rose\Desktop\FRST.exe
2014-01-01 12:04 - 2014-01-01 12:04 - 00377856 _____ C:\Users\De La Rose\Desktop\gmer_2.1.19163.exe
2014-01-01 12:01 - 2014-01-01 12:01 - 00050477 _____ C:\Users\De La Rose\Desktop\Defogger.exe
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 00:46 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:46 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:46 - 2013-11-26 10:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:46 - 2013-11-26 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:46 - 2013-11-26 09:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:46 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:46 - 2013-11-26 09:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:46 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:46 - 2013-11-26 09:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:46 - 2013-11-26 09:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:46 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:46 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:46 - 2013-11-26 09:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:46 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:46 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:46 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:46 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:46 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 07:11 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:11 - 2013-10-30 02:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:11 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:11 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:11 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:11 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:11 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:11 - 2013-10-04 02:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:11 - 2013-10-04 02:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe

==================== One Month Modified Files and Folders =======

2014-01-01 12:55 - 2014-01-01 12:52 - 00013417 _____ C:\Users\De La Rose\Desktop\FRST.txt
2014-01-01 12:55 - 2010-06-28 12:33 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PMB Files
2014-01-01 12:53 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 12:53 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 12:52 - 2013-04-01 06:01 - 00000000 ____D C:\Users\postgres
2014-01-01 12:51 - 2014-01-01 12:51 - 00000000 ____D C:\FRST
2014-01-01 12:51 - 2014-01-01 12:50 - 00003202 _____ C:\Windows\WindowsUpdate.log
2014-01-01 12:50 - 2012-03-29 14:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 12:48 - 2012-07-16 09:39 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 12:48 - 2011-07-10 18:07 - 00000302 ____H C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
2014-01-01 12:48 - 2011-07-10 18:06 - 00000314 ___SH C:\Windows\Tasks\AUVU.job
2014-01-01 12:48 - 2010-12-09 10:09 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-01 12:48 - 2010-08-27 09:00 - 00000000 ____D C:\Program Files\Common Files\Akamai
2014-01-01 12:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 12:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2014-01-01 12:46 - 2014-01-01 12:46 - 00000642 _____ C:\Users\De La Rose\Desktop\defogger_disable.log
2014-01-01 12:46 - 2014-01-01 12:46 - 00000020 _____ C:\Users\De La Rose\defogger_reenable
2014-01-01 12:46 - 2010-03-26 17:00 - 00000000 ____D C:\Users\De La Rose
2014-01-01 12:21 - 2012-07-16 09:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 12:16 - 2014-01-01 12:16 - 01064333 _____ (Farbar) C:\Users\De La Rose\Desktop\FRST.exe
2014-01-01 12:04 - 2014-01-01 12:04 - 00377856 _____ C:\Users\De La Rose\Desktop\gmer_2.1.19163.exe
2014-01-01 12:01 - 2014-01-01 12:01 - 00050477 _____ C:\Users\De La Rose\Desktop\Defogger.exe
2013-12-31 18:50 - 2010-03-26 17:24 - 01501000 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 15:11 - 2010-10-12 13:40 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Winamp
2013-12-26 22:44 - 2013-11-03 08:54 - 00000000 ____D C:\ProgramData\HappyCloud
2013-12-26 22:41 - 2011-04-08 21:11 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Electronic Arts
2013-12-26 22:41 - 2010-03-29 19:52 - 00000000 ____D C:\Program Files\Electronic Arts
2013-12-22 20:05 - 2011-09-14 18:51 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Canon
2013-12-18 09:52 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-17 15:41 - 2012-10-17 20:28 - 00000000 ____D C:\ProgramData\iobit
2013-12-12 11:31 - 2012-05-03 05:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-12 11:28 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-12-12 07:56 - 2013-12-12 07:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 06:28 - 2009-07-14 05:33 - 02215744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 06:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-12-12 00:46 - 2013-07-19 23:42 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 00:45 - 2010-03-26 18:34 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-11 19:50 - 2012-03-29 14:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 19:50 - 2011-05-16 18:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 00:02 - 2010-03-27 11:54 - 00000000 ____D C:\Users\De La Rose\AppData\Local\PokerStars.EU
2013-12-08 17:18 - 2013-12-08 17:18 - 00001240 _____ C:\Users\De La Rose\Desktop\Amazon Cloud Player.lnk
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-12-08 17:18 - 2013-12-08 17:18 - 00000000 ____D C:\Users\De La Rose\AppData\Local\Amazon Cloud Player
2013-12-08 17:17 - 2013-12-08 17:17 - 36117312 _____ (Amazon) C:\Users\De La Rose\Downloads\AmazonCloudPlayerInstaller_381.exe
2013-12-05 21:27 - 2013-01-02 09:47 - 00000000 ____D C:\Program Files\PokerStars.EU
2013-12-05 20:27 - 2013-09-24 09:13 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 09:58 - 2009-07-14 05:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 00:58
==================== End Of Log ============================

In the middle of the scan, the following message appeared: Windows Security Warning: This file could harm your computer. Access to the file was blocked for security reasons. Name: install.rdf. After I clicked "OK", the scan continued without further interruption.

3. Addition

FRST Additions Logfile:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-12-2013
Ran by De La Rose at 2014-01-01 12:55:25
Running from C:\Users\De La Rose\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Advanced SystemCare with Antivirus (Enabled - Out of date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

3D Pinball from Plus! for Windows 95 (Version: - )
7-PDF Maker Version 1.2.0 (Build 119) (Version: 7-PDF Maker - Version 1.2.0 (Build 119) - 7-PDF, Germany - Thorsten Hodes)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Adobe AIR (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (Version: 9 - Adobe Systems)
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated)
Advanced SystemCare with Antivirus 2013 (Version: 5.6.4 - IObit)
Akamai NetSession Interface (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (Version: - )
Amazon Cloud Player (Version: 2.1.0.381 - Amazon Services LLC)
AMD DnD V1.0.20 (Version: 1.0.20 - AMD)
ANNO 1404 - Königsedition (Version: 1.02.0000 - Ubisoft)
ArmA2 Uninstall (Version: - )
ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.)
Canon iP1600 (Version: - )
Canon MG6100 series MP Drivers (Version: - )
Canon MP Navigator EX 4.0 (Version: - )
Canon My Printer (Version: - )
Canon Solution Menu EX (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Full Existing (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Full New (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Light (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Previews Common (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center HydraVision Full (Version: 2010.0302.2233.40412 - ATI)
Catalyst Control Center InstallProxy (Version: 2010.0302.2233.40412 - ATI Technologies, Inc.)
Catan - Die erste Insel (Version: - )
CCC Help English (Version: 2010.0302.2232.40412 - ATI)
ccc-core-static (Version: 2010.0302.2233.40412 - Ihr Firmenname)
ccc-utility (Version: 2010.0302.2233.40412 - ATI)
CCleaner (Version: 4.02 - Piriform)
CDBurnerXP (Version: 4.5.2.4214 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009 - Georgy Berdyshev)
Celestia 1.6.1 (Version: - Shatters Software)
Command & Conquer(TM) Generäle (Version: 0.50.0000 - Electronic Arts)
Deluxe Pacman version 1.80 (Version: 1.80 - )
Diablo III (Version: 1.0.5.12811 - Blizzard Entertainment)
D-Link DWA-140 (Version: - D-Link)
Downloader (Version: - )
EA Download Manager (Version: 8.0.3.427 - Electronic Arts, Inc.)
EA Installer (Version: 2.2.0.62 - Electronic Arts, Inc.)
Easy TM Forever 3.0.3 (Version: 3.0.3 - NazguL)
ElsterFormular (Version: 13.0.0.8086k - Landesfinanzdirektion Thüringen)
Emsisoft HiJackFree 4.5 (Version: 4.5 - Emsi Software GmbH)
Fallout 3 (Version: 1.00.0000 - Bethesda Softworks)
GIMP 2.6.12 (Version: 2.6.12 - The GIMP Team)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.)
Image Resizer Powertoy Clone for Windows (Version: 2.1.1 - Brice Lambson)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.)
Just Sudoku - Professional Edition 1.2 (Version: - Sudoku-Puzzles.net)
Kyodai Mahjongg 2006 v1.42 (Version: - Rene-Gilles Deberdt)
LG USB Modem Drivers (Version: 4.9.4 - LG Electronics)
Lucas Schach v. 7.01 (Version: - )
ManiaPlanet (Version: - Nadeo)
Mass Effect 2 (Version: 1.2.1604.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexus Mod Manager (Version: 0.19.0 - Black Tree Gaming)
Notepad++ (Version: 5.9.2 - )
NVIDIA PhysX (Version: 9.09.0814 - NVIDIA Corporation)
OpenOffice.org 3.2 (Version: 3.2.9483 - OpenOffice.org)
Pando Media Booster (Version: 2.3.4.8 - Pando Networks Inc.)
Path of Exile (Version: 0.10.0.22397 - Grinding Gear Games)
PDFBinder (Version: 1.0.0 - Malamute.dk)
Philips Songbird (Version: 5.4.1980 (1980) - Koninklijke Philips Electronics N.V.)
Platform (Version: 1.34 - VIA Technologies, Inc.)
PokerStars.eu (Version: - PokerStars.eu)
Sid Meier's Alpha Centauri (Version: - GOG.com)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Steam (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim (Version: - Bethesda Game Studios)
The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.)
TmNationsForever Update 2010-03-15 (Version: - Nadeo)
TmUnitedForever (Version: - Nadeo)
Uninstall 1.0.0.1 (Version: - )
VIA Plattform-Geräte-Manager (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 1.1.11 (Version: 1.1.11 - VideoLAN)
Winamp (Version: 5.581 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (Version: - )
XP Codec Pack (Version: - )

==================== Restore Points =========================

29-11-2013 00:17:27 Windows Update
03-12-2013 20:39:02 Windows Update
10-12-2013 10:56:35 Windows Update
11-12-2013 23:44:41 Windows Update
17-12-2013 07:09:13 Windows Update
20-12-2013 08:16:50 Windows Update
24-12-2013 09:21:48 Windows Update
26-12-2013 21:40:29 Removed Dead Space™
27-12-2013 16:59:51 Windows Update
31-12-2013 08:05:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2010-04-06 13:00 - 00001302 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {3A6AC493-B755-431E-A549-552DCA478B92} - System32\Tasks\{22116563-108C-42c0-A7CE-60161B75E508} => C:\Users\DELARO~1\AppData\Local\Temp\Imf.exe <==== ATTENTION
Task: {81B11624-C420-4C5C-AAB9-54BA4046F47C} - System32\Tasks\AUVU => Rundll32.exe "C:\Windows\system32\autoexeca.dll",IXTA
Task: {85681DCC-06DD-44A5-B7D1-46FFE606EFA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {8CD03DC8-30FD-4306-A6C7-4E38EBF4B013} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {A0271EEA-F805-4408-A498-3B29A287612A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B8296209-12A1-4621-BFCD-428371C02AAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {CC148004-7562-47E4-A5F3-F6CD4F1BE33C} - System32\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A} => C:\Users\DELARO~1\AppData\Local\Temp\Imk.exe <==== ATTENTION
Task: {EDFB459E-C4FE-4912-A315-FD50CD53642B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06] (Google Inc.)
Task: {F6285DF8-BAD0-4DA5-BA6A-413BA9577396} - System32\Tasks\{E2627983-ACB9-43DC-9294-0D4B41EA91DD} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AUVU.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job => C:\Users\DELARO~1\AppData\Local\Temp\Imf.exe

==================== Loaded Modules (whitelisted) =============

2011-02-09 01:56 - 2011-02-09 01:56 - 00296448 _____ () B:\Programme\NppShell_04.dll
2012-10-17 20:28 - 2012-06-19 16:02 - 00139648 _____ () C:\Program Files\IObit\Advanced SystemCare with Antivirus 2013\ASCv5ExtMenu.dll
2010-03-26 18:07 - 2009-05-07 16:50 - 00073728 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2010-03-26 18:07 - 2009-05-07 16:53 - 00106496 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2010-03-26 18:07 - 2008-02-14 13:57 - 00094208 ____R () C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
2010-03-26 18:07 - 2009-09-02 09:28 - 47628288 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-08-06 20:00 - 2013-08-06 20:00 - 00315392 _____ () C:\Program Files\D-Link\DWA-140 revB\ANPDApi.dll
2013-08-06 19:59 - 2010-06-29 16:23 - 00299008 _____ () C:\Program Files\D-Link\DWA-140 revB\WlanApp.dll
2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-26 18:21 - 2010-03-26 18:21 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: adfs Description: adfs Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: adfs Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/31/2013 09:45:34 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/31/2013 09:45:32 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (12/29/2013 07:00:10 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)" Error: (12/28/2013 03:40:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1". 
Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/28/2013 03:40:02 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (12/27/2013 01:24:56 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/27/2013 01:24:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (12/26/2013 11:19:25 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (12/26/2013 11:19:24 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (12/24/2013 10:54:22 AM) (Source: pgAgent) (User: ) Description: Failed to query jobs table! System errors: ============= Error: (01/01/2014 00:48:32 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Avgldx86 Error: (01/01/2014 00:48:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/01/2014 00:47:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error: (01/01/2014 11:33:24 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Avgldx86 Error: (01/01/2014 11:33:12 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Function Discovery Resource Publication" wurde mit folgendem Fehler beendet: %%-2147014847 Error: (01/01/2014 11:33:12 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/01/2014 11:32:59 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY) Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. 
Error: (12/31/2013 06:47:31 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Avgldx86 Error: (12/31/2013 06:47:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Function Discovery Resource Publication" wurde mit folgendem Fehler beendet: %%-2147014847 Error: (12/31/2013 06:47:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (12/31/2013 09:45:34 AM) (Source: SideBySide)(User: ) Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe Error: (12/31/2013 09:45:32 AM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (12/29/2013 07:00:10 PM) (Source: Windows Backup)(User: ) Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. 
(0x81000006) Error: (12/28/2013 03:40:03 PM) (Source: SideBySide)(User: ) Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe Error: (12/28/2013 03:40:02 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (12/27/2013 01:24:56 PM) (Source: SideBySide)(User: ) Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe Error: (12/27/2013 01:24:55 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (12/26/2013 11:19:25 PM) (Source: SideBySide)(User: ) Description: Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"C:\Program Files\Adobe\Adobe Premiere Pro CS4\MPEGHDVExport.exe Error: (12/26/2013 11:19:24 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (12/24/2013 10:54:22 AM) (Source: pgAgent)(User: ) Description: Failed to query jobs table! 
==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 3199.3 MB Available physical RAM: 2203.52 MB Total Pagefile: 6396.9 MB Available Pagefile: 5318.05 MB Total Virtual: 2047.88 MB Available Virtual: 1882.42 MB ==================== Drives ================================ Drive b: (Daten) (Fixed) (Total:1397.26 GB) (Free:1053.19 GB) NTFS Drive c: () (Fixed) (Total:149.04 GB) (Free:53.08 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive q: (Elements) (Fixed) (Total:465.76 GB) (Free:351.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: ACE22E9E) Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 84A72D7B) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 001F3B94) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ 4.Gmer GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-01 13:09:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160023AS rev.3.00 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\DELARO~1\AppData\Local\Temp\ffldyaow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D  82E5AA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82E94212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91C36000, 0x37D761, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\atksgt.sys  section is writeable [0x989B5300, 0x3B6D8, 0xE8000020]
.text  C:\Windows\system32\DRIVERS\lirsgt.sys  section is writeable [0xA301B300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Pando Networks\Media Booster\PMB.exe[3368] kernel32.dll!SetUnhandledExceptionFilter  764DF4EB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x8D 0x87 0xB5 0x82 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x8E 0xE4 0x42 0x38 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x8A 0xDE 0xFB 0xCD ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12  0x29 0xBB 0xDA 0xB7 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x8D 0x87 0xB5 0x82 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x8E 0xE4 0x42 0x38 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x8A 0xDE 0xFB 0xCD ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12  0x29 0xBB 0xDA 0xB7 ...

---- EOF - GMER 2.1 ----

Before I opened this thread, and after all the scans had been run, I downloaded the trial version of Kaspersky Antivirus 2014 and ran a quick scan. It found no threats.

Maybe someone can help me. Many thanks in advance for a possible solution/answer.

Last edited by kluksch (01.01.2014 at 15:18)